Remarks 



Entry of the amendments, reconsideration of the application, as amended, and 
allowance of all pending claims are respectfully requested. Upon entry of the amendments, 
claims 1-12 are pending. 

With the above amendments, applicants are clarifying that in one aspect of 
applicants' claimed invention, the access program layer is provided on one data processing 
node running an application client and another data processing node running an application 
server, and that access program layer presents a consistent security interface to the 
application client and the application server. Further, applicants have recited in new claim 1 1 
the use of the access program layer by the application client and the application server to 
negotiate the common security mechanism to be used. Support for these amendments may 
be found throughout applicants' specification, including, for instance, in FIG. 1 and 
paragraphs 17-20. Therefore, no new matter has been added. 

Although clarifying amendments have been made above in an effort to advance 
prosecution of this application, applicants respectfully reserve the right to pursue the subject 
matter of the claims prior to amendment, if desired. 

In the Office Action, dated December 8, 2005, it is stated that this Office Action is 
being provided in view of the Appeal Brief filed on 10/05/2005. To clarify, applicants 
respectfully submit that an Appeal Brief was not filed on 10/05/2005, but instead, it was a 
Pre- Appeal Brief Request for Review. 

Substantively, in the Office Action, claims 1-10 are rejected under 35 U.S.C. 102(e) 
as being anticipated by Moreh et al. (U.S. Publication No. 2003/0046391). Applicants 
respectfully, but most strenuously, traverse this rejection to any extent deemed applicable to 
the amended claims for the reasons herein. 

In one aspect, applicants' invention is directed to providing security services in a 
clustered data processing environment. An access program layer is provided on at least two 
data processing nodes and this access program layer presents a consistent security interface 
to application clients and application servers running on the data processing nodes. This 
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consistent security interface represents a security mechanism common to at least one 
application client and at least one application server. Further, at least one adapter module is 
provided for the common security mechanism and this at least one adapter module maps one 
or more parameters of a security service implemented by the common security mechanism to 
the consistent security interface. This allows applications running on the data processing 
nodes to use different security mechanisms without being modified. 

In one particular aspect, applicants claim a method for providing security services in a 
clustered data processing environment (e.g., independent claim 1). The method includes, for 
instance, providing an access program layer on one data processing node running an 
application client and another data processing node running an application server, the access 
program layer presenting a consistent security interface to the application client and the 
application server, the consistent security interface representing a security mechanism 
common to the application client and the application server, wherein the application client 
has one set of security mechanisms available thereto and the application server has another 
set of security mechanisms available thereto, and wherein at least one of the one set of 
security mechanisms and the another set of security mechanisms comprises a plurality of 
security mechanisms; and providing an adapter module for the common security mechanism, 
the adapter module mapping one or more parameters of a security service implemented by 
the common security mechanism to the consistent security interface, whereby applications 
running on the one data processing node and the another data processing node do not require 
modification to use different security mechanisms. Thus, in this aspect of applicants' 
claimed invention, an access program layer is provided on multiple data processing nodes 
running an application client and an application server. This layer presents a consistent 
security interface to the application client and the application server running on those nodes. 
This is very different from the teachings of Moreh. 

In Moreh, a subject is to authenticate itself to a server application. When this is to 
occur, a client application associated with the subject interacts with an authentication agent to 
obtain an authentication response to deliver to the server application. "A successful 
interaction between the client 22 and the authentication agent 24 produces information about 
exactly one authentication mechanism 32 for the client 22 to use" (Moreh, page 3, paragraph 
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0044, lines 7-9). Thus, in Moreh, the client application is the one to interact with the 
authentication agent. The server application has no such interaction. This is very different 
from applicants' claimed invention. 

In contrast to Moreh, in applicants' claimed invention, the access program layer is 
provided to both the application server and the application client, and not just to the 
application client, as recited in Moreh. In applicants' claimed invention, the access program 
layer is provided to both the application client and the application server such that a 
consistent security interface is provided to both. This consistent security interface represents 
a security mechanism common to the application client and the application server. In Moreh, 
there is no such discussion of a security mechanism that is common to both the application 
client and the application server, since the server application in Moreh need not interact with 
the authentication agent. It is only the client that interacts with the authentication agent and 
produces information about the authentication mechanism for that client to use (see, e.g., 
Moreh page 3, paragraph 44, lines 8-11). 

Since in Moreh there is no description, teaching or suggestion of providing an access 
program layer to both the client and server applications to present a consistent security 
interface to both the client and the server applications, and since there is no discussion in 
Moreh of a security mechanism common to both the client and server applications, Moreh 
fails to describe, teach or suggest one or more aspects of applicants' claimed invention. For 
example, Moreh fails to describe, teach or suggest an access program layer on one data 
processing node running an application client and another data processing node running an 
application server, the access program layer presenting a consistent security interface to the 
application client and the application server. As a further example, Moreh fails to describe, 
teach or suggest a security mechanism common to both the application client and the 
application server, as claimed by applicants. For at least these reasons, applicants 
respectfully submit that Moreh does not anticipate applicants' claimed invention. Thus, 
applicants respectfully request an indication of allowability for independent claims 1, 9 and 
10. 

Further, the claims that depend therefrom are patentable for the same reasons as the 
independent claims, as well as for their own additional features. For example, new 
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dependent claim 1 1 further describes using the access program layer by the application client 
and the application server to determine one or more security mechanisms that are common to 
the application client and the application server and to negotiate between themselves which 
security mechanism of those one or more common security mechanisms is to be used as the 
common security mechanism. This is not described, taught or suggested in Moreh. 

Moreh fails to describe, teach or suggest at the very least an application server using 
an access program layer to negotiate with an application client a common security 
mechanism to be used. In Moreh, only the client application deals with the authentication 
agent, not the server. There is no negotiation between the client and server in Moreh of a 
common security mechanism. This is missing from Moreh. Therefore, applicants 
respectfully submit that this claim is also patentable over Moreh. 

For all of the above reasons, applicants respectfully request an indication of 
allowability for all claims pending in this application. 

Should the Examiner wish to discuss this case with applicants' attorney, please 
contact applicants' attorney at the below listed number. 

Respectfully submitted, 

Blanche E. Schiller 
Attorney for Applicants 
Dated: March ^ ,2006. Registration No.: 35,670 

HESLIN ROTHENBERG FARLEY & MESITI P.C. 

5 Columbia Circle 

Albany, New York 12203-5160 

Telephone: (518)452-5600 

Facsimile: (518)452-5579 
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